News & Eventshttp://http://www.safensoft.com/
News & Eventsen-usSafenSoft, 2004-2018. All rights are reserved.10080News & Eventshttp://http://www.safensoft.com/img/mini.pnghttp://www.safensoft.comThu, 26 Apr 2018 14:01:00 +0300SoftControl 4.4.12 Updatehttp://http://www.safensoft.com/security.phtml?c=863&id=1865
SafeNSec Corporation (www.safensoft.com), the leader in development of software solutions to provide information security in banks and financial organizations, releases an update of the SoftControl system. The main target of this release is to improve usability and stability of the security system. The system is designed to provide the integrity of the software environment of the network endpoints and to protect data against unauthorized access by maintenance staff or violators. <br/><br/>The system includes three basic modules. <br/><br/>1. SoftControl Service Center that consists of:<br/><br/>SoftControl Server, the server component;<br/><br/>SoftControl Admin Console, the management console.<br/><br/>2. The client components for proactive protection of end points:<br/><br/>SoftControl ATM Client for self-service devices;<br/><br/>SoftControl Endpoint Client for corporate network workstations;<br/><br/>SoftControl SClient for servers;<br/><br/>SoftControl SysWatch for personal computers.<br/><br/>3. SoftControl DLP Client, the client component designed to monitor and collect data about the user&#039;s activity.<br/><br/>The update is aimed to improve the level of security and ease of use. A number of vulnerabilities were eliminated, and reports and event logs were reworked to obtain detailed information.<br/><br/>The most important changes in 4.4.12 version are the following:<br/><br/>Control activity rules for certain applications can be created in SoftControl Admin Console and then applied on client hosts with installed SoftControl SysWatch that allows to set rules to monitor activity of application groups and definite processes and transfer these rules both to individual and group politics.<br/><br/>The format of event logs is supplemented, which allows the security administrator to obtain a detailed and visual representation of the information processing technologies on the protected device.<br/><br/>Known vulnerabilities have been fixed.<br/><br/>Detailed information is available for clients in the update section of the corporate site.<br/><br/>About SafeNSec Corporation<br/><br/>SafeNSec Corporation (www.safensoft.com) was founded in 2006 to develop best-of-breed solutions in information security for financial organizations and banks. The company is a member of the PCI Security Council and serves on the Security Best Practices committee of the ATMIA. The clients of SoftControl products are located in Europe, Middle East, Southeast Asia and Africa.<br/><br/>Tue, 27 Mar 2018 13:14:00 +0300The Central Bank warns: infecting the systems with malware is the main trend to organize cyber-attacks on bankshttp://http://www.safensoft.com/security.phtml?c=863&id=1866
According to the Central Bank, cyber attackers started using sophisticated stealing schemes. To get into a bank infrastructure, they mostly use phishing emails; however, an insider attack is also possible. For example, a disgruntled employee from the IT department can bring an infected USB drive. Next, the attackers infect the systems with malware, analyze the network and the working processes of the targeted enterprise, prepare the attack and carry it out, and withdraw the money through different channels. It is difficult to trace such attacks. The main trouble, however, is that once the malware gets into the banks information system, it can remain there after the attack, which might result in more stealing.<br/><br/>Cobalt, the most famous hacker group, is in charge to most of the successful attacks on Russian banks in 2017 to it according to the Central Bank. The group is named after a program they use for the attacks. The key to their success is perseverance and commercial scale attacks. ‘The violators send phishing emails to an average of one hundred banks. If they fail to get any attention, they repeat the mailing, says Alexey Novikov, head of Positive Technologies expert security center. ‘If there is no repeated mailing, then the attack has been successful. Information about stealing usually appears in a week or two. They then repeat the procedure with another group of banks.<br/><br/>In whole, 240 attempts to attack lending institutions have been detected. The average stolen amount is RUB 104 million in 2017. One should take into account the fact that many banks do not reveal the information that they have been robbed. Some experts claim that the real damage the banks suffered from cyber attacks in 2017 is approximately 1.5 times greater than what the Central Bank has announced. According to Stanislav Kuznetsov, vice chairman of the executive board in Sberbank, bank analysis shows that the official data could be 10-20 times smaller than the actual damage. He confirms that the problem is in the secrecy of the lending institutions, and that ‘hardly anyone can calculate the damage from the hackers if the banks keep it a secret that they have been robbed.<br/><br/>To prevent a targeted attack on a bank infrastructure, it is recommended to implement a multilayer security system. In practice, the mere design of a multilayer security system is a very resource-consuming project. Implementing the designed multilayer protection tools can be a problem that is hard to solve and that does not have a guaranteed result. One should start from the ‘learn your technologies principle and have certain freedom in selecting the implementation methods, because IT systems of a bank are constantly changing. One should be able to prevent most attack vectors by simple methods and greatly complicate any preparation and execution scenarios. The easiest thing to do is to train the personnel so that a teller or any other employee would not open an email with malware or would not follow the link that initiates the download. However, such phishing emails can look quite plausible. ‘The best way out is to completely eliminate the possibility of running a virus or other malware on an employees computer or on any other device in the banks network, says Svetozar Yakhontov, development director at StarForce Technologies. ‘This can be achieved by installing special protection that works on the principle of white lists. It means that only previously approved processes can run. Such system used to have certain drawbacks related to the need to reconfigure them after each banking software update. Today these systems are in high demand, which allowed the developers to modify them so as to meet the operating requirements of banks and other enterprises where the composition of software in use is constantly changing.<br/><br/>The most well-known system that enables software integrity during the operation is TPSecure Teller by SafeNSec Corporation that has been in the market since 2006.<br/><br/>SourceWed, 20 Dec 2017 14:01:00 +0300SoftControl 4.3.14 Updatehttp://http://www.safensoft.com/security.phtml?c=861&id=1867
SafeNSec Corporation (www.safensoft.com), the leader in development of software solutions to provide information security in banks and financial organizations, releases an update of the SoftControl system. The main target of this release is to improve usability and stability of the security system. The system is designed to provide the integrity of the software environment of the network endpoints and to protect data against unauthorized access by maintenance staff or violators. <br/><br/>The system includes three basic modules. <br/><br/>1. SoftControl Service Center that consists of:<br/><br/>SoftControl Server, the server component;<br/><br/>SoftControl Admin Console, the management console.<br/><br/>2. The client components for proactive protection of end points:<br/><br/>SoftControl ATM Client for self-service devices;<br/><br/>SoftControl Endpoint Client for corporate network workstations;<br/><br/>SoftControl SClient for servers;<br/><br/>SoftControl SysWatch for personal computers.<br/><br/>3. SoftControl DLP Client, the client component designed to monitor and collect data about the user&#039;s activity.<br/><br/>The most important changes in 4.3.14 version are the following:<br/><br/>Rules for the installer processes are valid according to the execution zone that a process belongs to. This allows increasing the security of the system when violators try to perform an attack by using trusted processes.<br/><br/>The snapshots of reference configuration are supported. (A configuration snapshot is the profile of the computer with the installed SoftControl SysWatch client application.) SoftControl Admin Console allows creating snapshots of reference configurations and comparing them with the current states of the selected client hosts. This improvement allows you to track the history of application operation, even if some applications have already been deleted.<br/><br/>Clients support keyboard locking after the corresponding settings from SoftControl Service Center have been received. To unlock the keyboard, the user needs to enter a password which is also generated in SoftControl Service Center.<br/><br/>The work of the system and notifications is changed after the license expiration. <br/><br/>Working with the server requests is improved to reduce the network load.<br/><br/>Bugs are fixed.<br/><br/>Detailed information is available for clients in the update section of the corporate site.<br/><br/>About SafeNSec Corporation<br/><br/>SafeNSec Corporation (www.safensoft.com) was founded in 2006 to develop best-of-breed solutions in information security for financial organizations and banks. The company is a member of the PCI Security Council and serves on the Security Best Practices committee of the ATMIA. The clients of SoftControl products are located in Europe, Middle East, Southeast Asia and Africa.<br/><br/>Tue, 14 Nov 2017 19:26:00 +0300How to protect payment terminals against malwarehttp://http://www.safensoft.com/security.phtml?c=861&id=1864
Svetozar Yakhontov, Director of Business Development at StarForce Technologies, has published an article about payment terminals and cash registers security. He raises a question of antivirus software for this type of devices. It turns out that sometimes it is stupid to expect the system will work the same in the test environment and in the field mostly because of .the notorious human factor. Svetozar in his post describes underwater stones which can be met when you use a software integrity system, and specifies requirements for those who just thinking about the implementation of the software control system. We only hope that it is not a post incidental need.<br/><br/>Read the full text of the article "This will never happen to us!"Thu, 09 Nov 2017 13:02:00 +0300SoftControl TPSecure Provides Security for ATMs with Windows 10 OShttp://http://www.safensoft.com/security.phtml?c=861&id=1861
StarForce Technologies has deployed SoftControl TPSecure on ATMs with the Microsoft Windows 10 Enterprise LTSB operation system. SoftControl TPSecure prevents unauthorized interaction with self-service terminals that are located in different regions all over the country. <br/><br/>The deployment of the solution is carried out on new ATM models manufactured by Diebold Nixdorf, the release of which the manufacturer announced in April 2017. Within the framework of the project, the OS was prepared for compliance with PCI DSS requirements and ATMIA recommendations. Also, policies were developed and tested for monitoring processes in the system, providing multi-level protection of the software environment of the ATMs. <br/><br/>"ATMIA recommended banks to migrate ATMs to Windows 10 in 2015, but only in 2017 the manufacturers themselves began to supply machines with such an operating system. And we are pleased with the opportunity to announce the full compatibility of SoftControl TPSecure with Windows 10 just a few months after the appearance of such ATMs on the market," says Svetozar Yakhontov, Business Development Director at StarForce Technologies.<br/><br/>According to press-releases the migration of ATMs to the newest operating system will reduce the risk of losses from cyber threats, will help to meet the regulatory requirements of regulators and simplify the implementation of transactions and analytics collection. Svetozar Yakhontov believes that such statements look like an advertising trick than a real feature "The experience gained in this project makes it possible to note that Windows 10 has no advantages in comparison with Windows 7 in information security and mechanisms of protection from cyberattacks".<br/><br/>SoftControl TPSecure (earlier SafenSoft TPSecure) is one of the most reliable solutions that preserves the software integrity of the device and prevents the launch of malicious programs, which, among other things, can be masked by trusted processes. At the moment SoftControl TPSecure solution is implemented in a number of large banks all over the world. The conducted penetration tests have indicated the high level of security created by the SoftControl TPSecure team on their customers&#039; ATM networks. More information about the solution.Mon, 23 Oct 2017 13:02:00 +0300SoftControl TPSecure Provides Protection against Cutler Maker Malwarehttp://http://www.safensoft.com/security.phtml?c=861&id=1863
Before only experienced hackers could arrange an attack on ATMs but now any one can buy ATM malware strain and raid unprotected terminals. More than that the investment for the purchase of malware can pay off with the first successful attempt.<br/><br/>Any version of the SoftControl TPSecure solution provides reliable protection against Cutlet Maker because the measures to prevent a possibility of negative interaction are basic functions of the system to provide integrity of ATM software environment including USB port control. <br/><br/>"Security measures against the Cutlet Maker malware do not demand many efforts: it is necessary to run processes only from the white list and control the binary libraries", says Svetozar Yakhontov, Business Development Director at StarForce Technologies. "It is rather funny to see that hackers, who created this malware, set protection from pirates - Cutlet Maker has equipped with a mechanism to prevent copying and illegal distribution. Why banks do not bother about protection from hackers??!!"<br/><br/>At the moment SoftControl TPSecure is implemented at many banks all over the world. The penetration tests which were arranged by the banks have confirmed a high level of reliability of the solution. More details about the solution: http://www.safensoft.com/<br/><br/>About StarForce Technologies<br/><br/>StarForce Technologies (www.star-force.com) is a leading vendor of software products in the field of information security. Business dimensions of the company: information security, software licensing, protection against unauthorized copying, analysis and modification (decompilation). Protection of network endpoints from internal and external attacks is represented by the SoftControl product line (previously SafenSoft and Safe&#039;n&#039;Sec). Since 2000 more than 70 million StarForce Technologies&#039; licenses have been sold worldwide.Thu, 28 Sep 2017 13:42:00 +0300StarForce Technologies Brings ATMs into Compliance with PCI DSS Requirements Thanks to SoftControl Solutionhttp://http://www.safensoft.com/security.phtml?c=861&id=1862
StarForce Technologies has deployed a security system for the network of self-service banking devices based on the SoftControl TPSecure solution as part of the preparation to audit compliance with the requirements of the PCI DSS standard.<br/><br/>Within the constantly increasing number of aggressive external and internal attacks on self-service banking devices that leads to significant financial losses. The regulators reasonably toughen requirements and credit and financial institutions attach increasing importance to security measures to prevent the data theft of clients&#039; plastic cards. The annual certification for compliance with the PCI DSS (Payment Card Industry Data Security Standard) data security standard is mandatory for organizations that issue and process cards data of international payment systems. At the stage of preparation for the audit for compliance of PCI DSS, banks are faced with the task of ensuring the implementation of a set of organizational and technical measures to protect payment card data from unauthorized access. <br/><br/>Subsequent to the results of testing conducted as part of the project, the SoftControl TPSecure solution has been chosen. This product (previously released under the SafenSoft brand and already well established in the information security market) helped to ensure reliable protection of the customer&#039;s ATMs from destructive impact on the software environment of the devices.<br/><br/>SoftControl TPSecure provides integrity control for software and plug-in external devices, separates software processes in the system and uses white lists for applications. The product called to maximally protect ATMs from unauthorized actions by the bank&#039;s own service personnel and external intruders, and it has already been successfully used in hundreds of thousands of self-service devices around the world, with proven functionality and an optimal costs.<br/><br/>Thanks to the well-coordinated teamwork of all project participants and interested support from the management of the bank, it took five weeks to implement the system. The key to the successful deployment of the solution was the training of specialists according to the program adapted to the specifics of the project, which made it possible to implement the practices of safe software operation on the network of self-service devices in such a short time.<br/><br/>"We were pleasantly surprised by the efficiency and readiness to implement changes in both technical and organizational issues, which was demonstrated by the strong project team," says Svetozar Yakhontov, Director of Business Development at StarForce Technologies. "The participants&#039; resources were quickly organized, the training program was agreed upon, the uninterrupted logistics of the project was provided, which allowed the system to be deployed in one go without wasting additional resources and adjusting the plans."<br/><br/>The audit of compliance with PCI DSS standards is scheduled for October 2017.<br/><br/>About StarForce Technologies<br/><br/>StarForce Technologies (www.star-force.com) is a leading vendor of software products in the field of information security. Business dimensions of the company: information security, software licensing, protection against unauthorized copying, analysis and modification (decompilation). Protection of network endpoints from internal and external attacks is represented by the SoftControl product line (http://www.safensoft.com/tpsecure/, previously SafenSoft and Safe&#039;n&#039;Sec). Since 2000, more than 70 million StarForce Technologies&#039; licenses have been sold worldwide.Wed, 28 Jun 2017 12:34:00 +0300SoftControl SysWatch Provides Reliable Protection against WannaCry and Petya Ransomwarehttp://http://www.safensoft.com/security.phtml?c=861&id=1857
People all over the world have suffered from WannaCry and Petya ransomware. The attack is hitting major infrastructure in the countries where it has spread and has also affected companies ranging from Danish shipping giant Maersk to the British advertising company WPP. The amount of damage is not yet estimated, but the figure will be multivalued. The question is: are there any measures to prevent the infection of the computer and guarantee trouble-free operation of the information system?<br/><br/>The easiest way is to not open attached files and do not click on the links in emails. Each company needs to train its employees the rules of "information hygiene". But phishing emails can look very convincing, and the fear of opening an incorrect email can slow down business processes. In this case, companies need to use additional protection - something more effective than antivirus software, which in such cases does not work. <br/><br/>SoftControl SysWatch is an application that is installed on the device. It has an antivirus component, but its main functionality is based on whitelisting: processes from only the approved list are allowed to run. Even if hackers exploit vulnerabilities in systems and applications SysWatch monitors system privileges of the processes, limits activity scenarios and protects the process buffer from external influences.<br/><br/>Unlike antiviruses, SysWatch does not depend on regular updates and allows companies to protect endpoints of the corporate network from all kinds of malicious software, application vulnerabilities, including zero-day threats and unique malicious code written specially for the attack that does not get widespread and does not get into antivirus databases.<br/><br/>How SysWatch protects from WannaCry and Petya<br/><br/>Both ransomware variants have a similar structure: penetration and cipher. MalwareHunterTeam specialists found out that the Petya loader is supplied with a second encryption malware called Misha. One of WannaCry studies showed that an initial file "mssecsvc.exe" drops and executes "tasksche.exe". The file tasksche.exe checks for disk drives, including network shares, and encrypts these using 2048-bit RSA encryption. While the files are being encrypted, the malware creates a new file directory &#039;Tor/&#039; into which it drops tor.exe and nine dll files used by tor.exe. Additionally, it drops two further files: taskdl.exe & taskse.exe. The former deletes temporary files while the latter launches @wanadecryptor@.exe to display the ransom note on the desktop to the end user. The @wanadecryptor@.exe is not in and of itself the ransomware, only the ransom note. And this is only one of several scenarios for the malware operation. <br/><br/>SoftControl SysWatch:<br/><br/>Blocks any processes that are not included in the approved list.<br/><br/>Recognizes the disguise of a malicious program as a trusted program.<br/><br/>Allows to restrict directories to run programs and to block unauthorized attempts to modify or create files and processes.<br/><br/>Currently SysWatch is installed on more than 500 thousand devices in 24 countries of the world and none of them has been subjected to destructive influence of the malware.<br/><br/> <br/><br/> <br/><br/> <br/><br/> Learn more about SysWatch<br/><br/> <br/><br/> <br/><br/> <br/><br/>Tue, 13 Jun 2017 12:34:00 +0300SoftControl Records Users Screen to Control Personnel Actionshttp://http://www.safensoft.com/security.phtml?c=861&id=1859
New feature is available thanks to the release of SoftControl version 4.2.12 <br/><br/>SafeNSec Corporation, the leader in development of software solutions for bank and financial organization information security, releases an update of the SoftControl system. This solution is designed to provide the integrity of the software environment of the network endpoints, including ATMs. Its deployment aims to arrange software running in secure mode on the enterprise network that helps to decrease risks of loses in case of target attacks. Besides the SoftControl solution helps banks to bring their infrastructure into compliance with the requirements of PCI DSS.<br/><br/>Key improvements in ver. 4.2.12: <br/><br/>SoftControl can make screenshots in video format to provide personnel activity monitoring. Before it screenshotting could be activated only by a trigger. <br/><br/>Access control for network file resources is added.<br/><br/>Now the system displays the rule ID if there was violation of the enterprise security policy. <br/><br/>The whole list of improvements is available in the update section of the corporate site.<br/><br/>About SafeNSec Corporation<br/><br/>SafeNSec Corporation (www.safensoft.com) was founded in 2006 to develop best-of-breed solutions in information security for financial organizations and banks. The company is a member of the PCI Security Standards Council and serves on the Security Best Practices committee of the ATMIA.<br/><br/>About StarForce Technologies<br/><br/>StarForce Technologies (www.star-force.com) is an expert in the field of digital information protection against hacking and unauthorized use. Since 2000 the company has been providing an integrated technological service to commercial, financial and government organizations. Since 2015 StarForce Technologies has been delivering integrated solutions based on SafeNSec Corporation products.Tue, 21 Feb 2017 19:34:00 +0300The Server of Hitachi Payment Systems Infected ATMs of India and compromised millions of cardshttp://http://www.safensoft.com/security.phtml?c=861&id=1858
In mid-2016 one of the servers of Hitachi Payment Systems was attacked by malicious software, by which the criminals got data from the ATMs of State Bank of India, HDFC Bank, ICICI Bank, Yes Bank and Axis Bank. Currently, 19 banks and 641 customers noticed fraudulent activities with the cards. To reduce risks the banks have blocked compromised cards and advised its customers to change the PIN.<br/><br/>In a statement Hitachi Payment Systems said that after the injection the malicious software worked undetected, eliminating all traces of its existence. To detect its activity allowed the audit, conducted by SISA Information Security.<br/><br/>"The reason why such cyber-attacks are happening today is because of the ineffective implementation of the payment security standards," SISA Chief Executive Officer Dharshan Shanthamurthy said. "With demonetisation, and with an increase in the number of digital payments, such attacks are going to get worse. In the name of innovation, corners are being cut. That&#039;s a matter of concern," he added.<br/><br/>Getting a certificate of compliance for PCI DSS or other security standard is a starting point for the banks to introduce new card products to the market. This is inevitable connected with the introduction of new functionality in the payment applications, deploying new software, making changes in the network configuration. At the same time, the very practice of the preparation of the audit as an annual reception: "general cleaning - furniture permutation - a reception" conceals dangerous consequences. The protection system, designed for occasional demonstrations for auditors often does not have sufficient degrees of freedom. In the first place during the audit for PCI DSS compliance is assessed the ability to withstand attacks and preserve the integrity of the system.<br/><br/>But business requires changes, and to implement them it is necessary to remove stiffeners - to disable to protection system for a while. And the next task is to bring the new system in a secure condition that requires adaptation of IS tools, which is impossible without highly qualified specialists and understanding the principles of the protection system. Wanting to reduce the cost of the technical staff and quickly bring new products to market, financiers proclaim: "Business first, security after." The statistics show that banks are attacked within 2-3 months after the date of annual audit. Introducing a new bank product is a signal to hackers to start their activity because they know about weak protection in this period.<br/><br/>It is important not just to provide a static condition of information security and integrity for ATMs. It is crucial to establish a process which helps to make changes securely, to keep the system safe during operation on all the stages of the software lifecycle: <br/><br/>Check distribution kits for infiltrations by famous "garbage" malware. Often, the infected files are added to applications during software development or assembling the distribution kit for delivery. Libraries, downloaded from untrusted sources, codecs and players for advertising content, drivers and third-party service tools often can become the source of infection. <br/><br/>Check software code for vulnerabilities. Now it is much easier. You can do it yourself with specialized tools and techniques or ask laboratories which specialize in this kind of analysis. <br/><br/>When you make sure that the software you are going to use is clean, the task is to keep it this way. That is why you need strictly define installation methods and a list of approved installers. <br/><br/>To provide a full protection for the bank infrastructure it is necessary to pay attention not only to mission-critical &#039;central part&#039;, but also to the safe operation of each network element. The vector of attack, the source of infection in a network can be totally unexpected.<br/><br/>In 2015 we analyzed the consequences of the incident, where the attack on ATMs was occurred from a bank processing server. After the attack the malware self-destructed, and to determine the source of infection was possible thanks to the presence of a legend on attacked ATMs. After the malware had an unsuccessful "rebound" on one of the devices, it showed signs of incorrect operation of the software. An engineer re-installed the software of the ATM from a "golden image". However, within an hour after reconnecting to the terminal the attack resumed. That helped to understand that the attack came from one of the servers.<br/><br/>The source of infection can be everywhere: trusted software vendors, updates in the network or installation mistakes. <br/><br/>One of the ways out of this situation is to integrate protection mechanisms at the stage of online service development. This approach is popular in the Middle East and Asia, because when safe operation is laid in the basis of a service, it allows you to quickly bring to market new products, without compromising the level of protection. In the rest of the world this approach is still not widespread because it is difficult to abandon so called "add-on" protection. But growing number of cyber-attacks and increasing size of damage are about to change the situation.<br/><br/>To learn more about integrated security tools.<br/><br/>Keywords: PCI DSS, ATM Integrity, attacks to ATM, card compromisedThu, 12 Jan 2017 13:34:00 +0300SoftControl 4.1.17 Updatehttp://http://www.safensoft.com/security.phtml?c=861&id=1856
SafeNSec Corporation (www.safensoft.com), the leader in development of software solutions to provide information security in banks and financial organizations, releases an update of the SoftControl system. The main target of this release is to improve usability and stability of the security system. The system is designed to provide the integrity of the software environment of the network endpoints and to protect data against unauthorized access by maintenance staff or violators. <br/><br/>The following modules are included in the system:<br/><br/>1. SoftControl Service Center that consists of:<br/><br/>SoftControl Server, the server component;<br/><br/>SoftControl Admin Console, the management console.<br/><br/>2. The client components for proactive protection of end points:<br/><br/>SoftControl ATM Client for self-service devices;<br/><br/>SoftControl Endpoint Client for corporate network workstations;<br/><br/>SoftControl SClient for servers;<br/><br/>SoftControl SysWatch for personal computers.<br/><br/>3. SoftControl DLP Client, the client component designed to monitor and collect data about the user&#039;s activity.<br/><br/>The most important changes in 4.1.17 version are the following:<br/><br/>The system stability is increased.<br/><br/>The work with a large number of events on the &#039;Log tab is optimized and a new filter &#039;Client type&#039; is added.<br/><br/>The configuration of tabs is stored after the user exits the program.<br/><br/>Self-protection of the client application is improved for SoftControl SysWatch.<br/><br/>Detailed information is available for clients in the update section of the corporate site.About SafeNSec Corporation<br/><br/>SafeNSec Corporation (www.safensoft.com) was founded in 2006 to develop best-of-breed solutions in information security for financial organizations and banks. The company is a member of the PCI Security Council and serves on the Security Best Practices committee of the ATMIA. The clients of SoftControl products are located in Europe, Middle East, Southeast Asia and Africa. <br/><br/>Tue, 11 Oct 2016 16:15:00 +0300Proof of age in the web can help fraudsters to crack credit cardshttp://http://www.safensoft.com/security.phtml?c=860&id=1855
Alec Muffett according to his research predicts that proposed methods to restrict access of minors to commercial pornography can lead to increase of fraudulent actions with bank cards in the UK. One of the proposals is to use bank cards to proof a users age, because minors cant have own bank cards. Another variant is to use identification information from social networks but it means that the application will get access to detailed personal data. <br/><br/>Experts suppose that the age proof service must be ready to serve more than 25 million people within a month since the launch.<br/><br/>"There is a threat that this verification can be used by cyber criminals", says Svetozar Yakhontov, Director of Business Development at SafeNSec Corporation. "The more people are forced to use credit cards online - the more familiar for them to enter the card data upon request. But hackers are already using malware which can substitute or depict the legitimate field for bank data entry. In addition, the write-off of minimum amounts will complicate the work of bank antifraud systems".<br/><br/>"The use of social networks for data collecting on demand also accustoms people to wrong behavior on the network", - Svetozar Yakhontov continues. "Today it is desirable to perform transactions with a bank account or a credit card from a secure computer, whether it&#039;s an ATM or a home computer with a system of conservation of the integrity of the system. The more data will come from outside of the protected system - the greater is the chance of losing them on the road".Tue, 04 Oct 2016 19:23:00 +0300Biometric payments on the rise: Apple Pay, Samsung Pay and Azbuka Vkusahttp://http://www.safensoft.com/security.phtml?c=860&id=1854
Today Apple Pay, a mobile payment and digital wallet service by Apple Inc., has been launched in Russia. The main partners of the service are Sberbank Russia and VTB24. And only a week ago Sberbank, the largest bank in Russia, and Azbuka Vkusa, a supermarket chain, announced the launch of a pilot project that lets customers use fingerprints to pay for products. These two events are connected: according to Bankir.ru, Sberbank wanted to start their own biometrical project first and only after this, the launches of Samsung Pay and Apple Pay were approved.<br/><br/>Samsung Pay and Apple Pay look very much the same: before making a payment you need to unlock your device and hold it up to a wireless payment terminal near the cash register. To complete purchases you enter a pin code or a fingerprint. Additionally Samsung Pay offers the option to use iris scanning for owners of the Galaxy Note 7. The South Korean manufacturer is planning to add devices piecemeal supporting this functionality. Apple Pay is available on iPhone SE, iPhone 6, 6 Plus and more recent models. <br/><br/>To pay for purchases at Azbuka Vkusa is even easier. After linking your card to your fingerprints on the cash register you can pay without your card - a fingerprint is enough. By the end of the year the results of the pilot project will be analyzed and this system may go online for all retail stores. Azbuka Vkusa has 95 shops and it made around 700 million US dollars in revenue in 2015. Cards are used for 37% of the payments made by costumers there, generating about 52% of all revenue. <br/><br/>"Easy ways of payment are getting more popular, no question about that", says Svetozar Yakhontov, Director of Business Development at SafeNSec Corporation. "There are some threats, however, that must be negated in order for everything to work smoothly. Cybercriminals already can snatch card data on the fly if they manage to infect the processing computer connected to a working POS terminal, and there are ways to create fingerprint replicas working as real user fingers without too much problems. If hackers steal your card and take your money, you can at least block it and ask your bank for another one. But who are you going to ask for a new set of fingerprints if some malware manages to steal your data?"<br/><br/>"Most experts admit that mobile payment services have a high level of security, thanks to several factors including double authorization," says Natalia Yashenkova, Head of Marketing and PR at StarForce Technologies. "But there are two weak points: a code to unlock a mobile phone can be spied at a public place and payments of less than 15 US dollars can be performed without entering a pin code. It is really interesting what would be the procedure if fingerprints are compromised. Banks and regulators should pay much more attention to the protection of payment processing against hacker attacks and fraudulent activities of employees. Above all I can see two trends: the first - the value of phones to customers has again increased since pay functionality is added, and the second - reliable biometric identification could eventually make plastic cards and mobile phones obsolete to make payments".Mon, 03 Oct 2016 15:23:00 +0300This Year Electronic Payments Can Leave Behind Money In Cashhttp://http://www.safensoft.com/security.phtml?c=860&id=1853
Marketwatch predicts by reference to a Euromonitor International study that in 2016 people will spend more money using bank cards and electronic payments compared with cash transactions. Electronic payments in the amount of approximately 23.2 trillion US dollars will exceed payments in cash which are estimated at 22.6 trillion US dollars. However, this effect is not a surprise to analysts, because the trend of increasing the share of electronic payments is prevalent for many years.<br/><br/>But the increasing number of electronic payments stimulates hackers to steal more money. Svetozar Yakhontov, Director of Business Development at SafeNSec Corporation: "The fact that electronic payment systems are vulnerable to hackers and return of facilities (stolen by unknown persons from a personal bank account) is not always possible, and if possible it always takes a long time. Today, cybercrime society sets their sights even at ATMs and payment kiosk machines in stores. Even data of an ordinary salary bank card (with which a person buys a loaf of bread) can be intercepted and stolen if wished".<br/><br/>Some European countries have already set limits on payments by cash money that triggering a strong reaction of some part of the population. "Nevertheless, electronic payments remote servicing is the thing of the future," continues Svetozar Yakhontov. "We just have to realize that customers will choose not only convenient, but also safe services. It is not enough to give the consumer a plastic card, we must also take care of security for the payments".